LPT (Licensed Penetration Tester): Another EC Council certification takes penetration testing to a higher level than CEH. Learn more at https://cert.eccouncil.org.
CHFI (Certified Hacking Forensics Investigator): Also from EC Council, this certification recognizes the skills and knowledge of a forensic expert who can detect computer crime and gather forensic evidence. Find out more here: https://cert.eccouncil.org.
CSFA (CyberSecurity Forensic Analyst): This certification demonstrates the knowledge and skills required for conducting computer forensic examinations. Part of the certification exam is an actual forensics assignment in the lab. Check out www.cybersecurityforensicanalyst.com/ for more information.
CompTIA Security+: A security competency certification for PC techs and the like. We consider this certification an entry-level certification that may not be for you. Still, you may advise your aspiring colleagues who want to get into information security that this certification is an excellent place to start. You can find out more at www.comptia.org/certifications/security.
OSCP (Offensive Security Certified Professional): Offered by Offensive Security, OSCP is considered one of the top penetration testing certifications available. Many people consider CEH the entry-level pen testing cert and OSCP the top dog. Find out more at www.offensive-security.com.
You can find many other security certifications. Use your favorite search engine and search for phrases such as “security certification” to find information.
Choosing the right certifications
Regularly, technology and security professionals ask us which certifications they should earn next. Our answer is almost always the same: Your decision depends on where you are now and where you want your career to go. There is no single “right” certification for everyone; determining which certification you should seek is a very individual thing.
When considering other certifications, ask yourself the following questions:
Where am I in my career right now? Are you more focused on technology, policy, operations, development, or management?
Where do I want my career to go in the future? If (for example) you’re stuck in operations, but you want to be focusing on policy, let that goal be your guide.
What qualifications for certifications do I possess right now? Some people tackle certifications based on the skills they already possess, and they use those newly earned certifications to climb the career ladder.
What do I need to do in my career to earn more qualifications? You need to consider what certifications you may be qualified to earn right now and what experience you must develop to earn future certifications.
If you’re honest with yourself, answering these questions should help you discern what certifications are right for you. We recommend that you take time every few years to do some long-term career planning; most people will find that the answers to the questions we’ve listed here will change.
You might even find that some of the certifications you have no longer reflect your career direction. If so, permit yourself to let those certifications lapse. There’s no sense hanging on to old certifications that no longer exhibit (or help you attain) your career objectives. Each of us has done this at least once, and we may again someday.
Most nontechnical certifications require you to prove that you already possess the required job experience to earn them. People make this common mistake: They want to earn a certification to land a particular kind of job. But that’s not the purpose of a certification. Instead, a certification is evidence that you already possess both knowledge and experience.
Finding a mentor, being a mentor
If you’re somewhat new to infosec (and even if you’re not!), and you find yourself asking many questions about your career, perhaps you would benefit from a mentor. A mentor is someone who has lived your professional lifestyle and been on the security journey for many years.
We suggest you shop around for a mentor and decide on one after talking with a few prospects. Mentors often have different approaches, from casual discussions to more structured learning.
If you’re not sure where to find a mentor, start with one or more of your area's local security organizations or activities. You may have to find a long-distance mentor if you live outside a major city, but the experience can still be rewarding!
As you transition in your career from a security beginner to a security expert, consider being a mentor yourself. You’ll find that although you’ll be helping another aspiring security professional get their career started, you’ll also learn quite a bit about security and yourself along the way.
Being mentored is not just for beginners. Even accomplished leaders have mentors who help them on their professional journeys.
Building your professional brand
You are defined by more than just your job title and your certifications. As you take your career further into information security expertise (and perhaps leadership), you’ll want to establish your brand above and beyond the job you are in today. Infosec professionals tend to stay in their positions for three to four years — a small fraction of a career. Instead of remaking your brand each time you change employers, elevate your brand to set it apart from your employers. Here are some of the ways you can spread your wings:
Create a LinkedIn profile. LinkedIn has become the de facto platform for building your brand. If you haven’t done a lot with LinkedIn, we suggest that you pick up a copy of LinkedIn For Dummies, 4th Edition, by Joel Elad (John Wiley & Sons, Inc.) and go all in.
Join (ISC)2 and other communities. You might find your niche through the (ISC)2 communities discussed earlier in this chapter, where you can help and be helped.
Use other social media. If you are serious about building your brand, you might also consider creating a professional Twitter and/or Instagram account.
Start a blog. Your opinions and insights matter, and a blog is a great way to express yourself through articles and other information about yourself and your contributions to the profession.
Print personal business cards. If you are a business-card type of person, consider getting your own business cards. Go plain or go fancy. Peter prefers the minimalist approach, as you can see in Figure 2-1.
Photo courtesy of authors
FIGURE 2-1: Make your own personal business cards.
Building your brand is about contributing to the profession, not seeing what you can find for the taking.
Personal Branding For Dummies, 2nd Edition, by Susan Chritton (Wiley), is a great way to learn more about your brand and how you can use it to help others and get ahead.
Pursuing Security Excellence
We think that the best way to succeed in a security career is to pursue excellence every day, whether you’re already in your dream security job or just starting.